package jdbc;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

/*使用预编译sql语句，防止sql注入攻击
* */
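public class JDBCDemo7 {
    /**
     * Login lookup with placeholders ({@code ?}) bound via {@link PreparedStatement#setString},
     * so user-supplied values are never concatenated into the statement text.
     * The {@code password} column is deliberately not selected: it is only needed as a
     * WHERE parameter and must not be echoed to the console.
     * <p>
     * NOTE(review): the database compares {@code password=?} directly, i.e. this demo
     * assumes the column holds the raw password; a real login stores a password hash and
     * verifies it in application code instead of matching it in SQL.
     */
    private static final String LOGIN_SQL =
            "select id,username,nickname from user where username=? and password=?";

    /**
     * Runs the demo login query and prints whether a matching user row exists.
     *
     * @param args optional {@code [username, password]}; when absent the built-in demo
     *             credentials are used, so existing invocations behave as before
     */
    public static void main(String[] args) {
        String username = args.length > 0 ? args[0] : "李四";
        String password = args.length > 1 ? args[1] : "789789";

        // Connection and PreparedStatement are both AutoCloseable; try-with-resources
        // closes them in reverse order even when executeQuery() throws.
        try (Connection connection = DBUtil.getConnection();
             PreparedStatement ps = connection.prepareStatement(LOGIN_SQL)) {
            ps.setString(1, username);
            ps.setString(2, password);
            // The ResultSet is its own resource and is closed before the statement.
            try (ResultSet resultSet = ps.executeQuery()) {
                if (resultSet.next()) {
                    System.out.println("登录成功");
                    // Print only non-secret columns of the matched row.
                    System.out.println(resultSet.getInt("id") + "," + resultSet.getString("username")
                            + "," + resultSet.getString("nickname"));
                } else {
                    System.out.println("用户名或密码错误");
                }
            }
        } catch (SQLException e) {
            // Demo program: report the failure on stderr; a real application would log it
            // (without echoing the submitted credentials) and surface a generic error.
            e.printStackTrace();
        }
    }
}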
